Sodinokibi hackers who stole 756 GB of celebrity data from a law firm are demanding $42 million in XMR and threatening to publish compromising material on US President Donald Trump.
The REvil hacker group, also known as Sodinokibi, has already published 2 GB of legal documents marked “Lady Gaga” and sent information about the stolen data to the media. The attackers claim to have stolen the data of the law firm Grubman Shire Meiselas & Sacks, whose clients include Elton John, Robert De Niro and Madonna.
The criminals hacked and encrypted the firm’s server, stealing 756 GB of data including confidential contracts, phone numbers, email addresses, personal correspondence, non-disclosure agreements, and much more. The hackers demanded $42 million in cryptocurrency, threatening to publish the data otherwise, but the company has so far refused to pay.
This week the REvil hackers published a new message in which they double the initial ransom and use dirt on US President Donald Trump as leverage:
“The next person we will publish data about is Donald Trump. Elections are underway, and we found a lot of compromising material in time.”
Speaking directly to Trump, REvil recommends that he “poke guys with a stick” (meaning the law firm) in the coming week if he wants to remain President. The hackers also addressed voters, saying: “…we can guarantee that after publication, you will not want to see him as President.”
The attackers threatened to publish the stolen data in nine stages if the law firm did not pay the ransom. The hackers prefer to receive payment in XMR, but are also willing to accept BTC. It is unclear what relation Trump has to the firm, since he has never been a client.
According to the New York Post, Grubman Shire Meiselas & Sacks refuses to negotiate with the hackers, despite their threats to “destroy the law firm to the ground if the money is not paid.” The firm believes the hackers may publish the documents even if a ransom is paid, and the FBI regards the hack as a terrorist act.
Emsisoft cybersecurity specialist Brett Callow called the ransom “one of the largest such demands” and noted:
“Companies in this situation do not have good options… Even if they meet the ransom demand, there is no guarantee that criminals will destroy the stolen data if it has a high market value. The data can still be sold… In this case, it is possible that criminals will try to extort money directly from people whose information may be disclosed.”
Earlier this year, other hackers compromised five law firms in the United States and demanded two ransoms of 100 BTC from each of them: one to restore access to the data, the other to delete their copy of it and refrain from disclosing it.